4.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-42501

GHSA ID

GHSA-vv65-fjfj-4736

EPSS Score

0.28283%

CWE

CWE-276

Published

11/27/2023

Updated

2/13/2025

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-42501

CVE-2023-42501: Apache Superset has Incorrect Default Permissions

Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version or above 2.1.2 and run superset init to reconstruct the Gamma role or remove can_read permission from the mentioned resources.

(GitHub Advisory)

4.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-42501

GHSA ID

GHSA-vv65-fjfj-4736

EPSS Score

0.28283%

CWE

CWE-276

Published

11/27/2023

Updated

2/13/2025

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
apache-superset	pip	< 2.1.2	2.1.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

Unn***ss*ry r*** p*rmissions wit*in t** **mm* rol* woul* *llow *ut**nti**t** us*rs to r*** *on*i*ur** *SS t*mpl*t*s *n* *nnot*tions. T*is issu* *****ts *p**** Sup*rs*t: ***or* *.*.*. Us*rs s*oul* up*r*** to v*rsion or **ov* *.*.* *n* run `sup*rs*t in

Reasoning

No *n*lysis *v*il**l*

4.3

Basic Information

Concerned about an active attack path?

CVE-2023-42501: Apache Superset has Incorrect Default Permissions

4.3

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI